#### Why I did it
src/sonic-utilities
```
* 81c5349f - (HEAD -> master, origin/master, origin/HEAD) [chassis] fix show bgp summary when no neighbors are present on one ASIC (#3158) (10 hours ago) [Arvindsrinivasan Lakshmi Narasimhan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
These changes adjust Nokia IXR7250 thermal sensor logging thresholds.
Why I did it
To modify the thermal sensor logging thresholds used on LC and Supervisor.
How I did it
Modified the JSON based thermal logging thresholds used to determine when to log current high sensor temperature and hottest sensor margin fluctuations.
How to verify it
Verify that syslog messages indicating current (high) temperature and margin values are only logged when these respective values fluctuate by at least 5 degrees.
- Why I did it
Fix the code to work also after warm reboot to work with FW controlled ports.
In warm reboot the control state sysfs of each port does not change unlike reboot or fast boot.
- How I did it
1. Check procfs cmdline if warm reboot done this is due to the fact pmon don't recognize warm reboot when it's taking place since pmon is loaded after warm reboot is finished.
2. If warm reboot done, check in static detection part for each port if it's FW controlled. If so, leave it this way and stop the state machine flow (set it to final state).
- How to verify it
1. Boot a switch with CMIS host management with at least one FW controlled port (non active cables or non cmis cables) then run warm reboot.
2. Verify no errors of sysfs reading appears for control sysfs
#### Why I did it
src/sonic-sairedis
```
* a504933 - (HEAD -> master, origin/master, origin/HEAD) Change dash API pipeline name (#1351) (11 hours ago) [Kamil Cudnik]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* b3b6a838 - (HEAD -> master, origin/master, origin/HEAD) [test_mux] Multi-mux-nh full test coverage (#3028) (25 minutes ago) [Nikola Dancejic]
* 3bd01444 - Bfd support for TSA state. (#2926) (6 hours ago) [siqbal1986]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-utilities
```
* a3cf5c02 - (HEAD -> master, origin/master, origin/HEAD) Fix the sfputil treats page number as decimal instead of hexadecimal (#3153) (6 hours ago) [Kebo Liu]
* 167f9966 - [Mellanox] Add support of the nvidia-bluefield platform to generate-dump utility. (#3091) (20 hours ago) [Oleksandr Ivantsiv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-common
```
* 888075d - (HEAD -> master, origin/master, origin/HEAD) [ssd_generic] Add support Transcend ssd-health. (#436) (31 hours ago) [Michael Shih]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-dash-api
```
* da6899b - (HEAD -> master, origin/master, origin/HEAD) Add/update fields needed for private link implementation (9 hours ago) [Prince Sunny]
* 960eab3 - Merge branch 'master' into pl-api (33 hours ago) [Prince Sunny]
* bc29979 - Merge branch 'master' into pl-api (4 days ago) [Lawrence Lee]
* 2d565d3 - Merge branch 'master' into pl-api (4 days ago) [Lawrence Lee]
* df6c512 - remove tunnel_key (4 days ago) [Lawrence Lee]
* 4d5ebda - Update proto files for PL (4 days ago) [Lawrence Lee]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* b18cbac6 - (HEAD -> master, origin/master, origin/HEAD) [Ci] Fix the test script naming issue (#3021) (81 minutes ago) [xumia]
* 5fd896f6 - [PortOrch] Add FEC codeword errors in port stats (#3029) (87 minutes ago) [vdahiya12]
* 77d56e6e - Fix the Orchagent crash seen during Port channel OC test cases. (#3042) (9 hours ago) [saksarav-nokia]
* 4d470592 - Fix memory leak and object copying bugs in orchagent (#3017) (10 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-utilities
```
* 0408226f - (HEAD -> master, origin/master, origin/HEAD) Fix `sudo config load_mgmt_config` fails with error "File /var/run/dhclient.eth0.pid does not exist" (#3149) (18 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
Upgrade the xgs SAI version to 10.1.6.0 to include the following fix:
10.1.6.0: [CS00012332630][SAI_BRANCH rel_ocp_sai_10_1] SAI - OTHER - [SAI BUG] sflow use psample to send packet, but the psample in linux version is not right.
10.1.4.0: [CS00012329827]ECMP LB traffic polarization, configure hash_offset along with hash_seed attr
10.1.3.0: Double commit test code fixes in EM for 10.1.
10.1.2.0: fix ODP packaging in rel_ocp_sai_10_1
10.1.1.0: Use knet-cb procfs path for DNX port speed sampling rate (does not use new genl)
Work item tracking
Microsoft ADO (number only): 26720003
How I did it
Upgrade xgs SAI version in sai.mk file.
How to verify it
Run full qual on s6100 T1: https://elastictest.org/scheduler/testplan/65c1c2e69e3e72f540cae34b
#### Why I did it
src/dhcprelay
```
* 363fa06 - (HEAD -> master, origin/master, origin/HEAD) Skip vlans with no dhcpv6 server configured (#46) (8 hours ago) [kellyyeh]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* d566e15a - (HEAD -> master, origin/master, origin/HEAD) Allow L4 port range egress ACL rules on DNX (#3014) (9 hours ago) [arista-nwolfe]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-utilities
```
* b5487357 - (HEAD -> master, origin/master, origin/HEAD) [route_check.py] account static routes in route_check.py (#3120) (9 hours ago) [Stepan Blyshchak]
* 64e1f9f4 - [Mellanox buffer migrator] Do not touch the buffer model on generic SKUs if the buffer configuration is empty (#3114) (19 hours ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- Why I did it
when reading sysfs fd upon python poller events, there's end of line garbage like "# 012" (without space between the 2 parts) trailing the real value of 1 or 0
- How I did it
using python strip() to remove end of line
- How to verify it
run the CMIS host management feature on a switch
wait few minutes until switch completes boot up sequence including CMIS host manager
then disconnect or reconnect a port to create a poller event
#### Why I did it
src/sonic-sairedis
```
* e5b8d4e - (HEAD -> master, origin/master, origin/HEAD) Make changes to support compiling on Bookworm (with GCC 12) (#1344) (3 days ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-dash-api
```
* ec15bc7 - (HEAD -> master, origin/master, origin/HEAD) Revert "rename VnetMapping.action_type" (#17) (2 hours ago) [Ze Gan]
* ad0f59e - Add unspecified default value to all enums (2 days ago) [Lawrence Lee]
* dd844b1 - Merge branch 'add-enum-default' of github.com:theasianpianist/sonic-dash-api into add-enum-default (4 days ago) [Lawrence Lee]
|\
| * 4b31135 - Merge branch 'master' into add-enum-default (4 days ago) [Lawrence Lee]
* | 4b41ea7 - rename VnetMapping.action_type (4 days ago) [Lawrence Lee]
|/
* b1ab99f - Add unspecified default value to all enums (4 days ago) [Lawrence Lee]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
The PR introduced a bug for slim image build, #17905, by which the sonic_asic_platform is missing when build docker image for slim image.
[ building ] [ target/docker-dhcp-relay.gz ]
/sonic/dockers/docker-dhcp-relay/cli-plugin-tests /sonic
/sonic
Traceback (most recent call last):
File "/usr/local/bin/j2", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.9/dist-packages/j2cli/cli.py", line 202, in main
output = render_command(
File "/usr/local/lib/python3.9/dist-packages/j2cli/cli.py", line 186, in render_command
result = renderer.render(args.template, context)
File "/usr/local/lib/python3.9/dist-packages/j2cli/cli.py", line 85, in render
return self._env \
File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1090, in render
self.environment.handle_exception()
File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 832, in handle_exception
reraise(*rewrite_traceback_stack(source=source))
File "/usr/lib/python3/dist-packages/jinja2/_compat.py", line 28, in reraise
raise value.with_traceback(tb)
File "/sonic/dockers/docker-dhcp-relay/Dockerfile.j2", line 48, in top-level template code
{% if build_reduce_image_size != "y" or sonic_asic_platform != "broadcom" %}
jinja2.exceptions.UndefinedError: 'sonic_asic_platform' is undefined
make: *** [slave.mk:1072: target/docker-dhcp-relay.gz] Error 1
make: *** Waiting for unfinished jobs....
[ finished ] [ target/docker-swss-layer-bullseye.gz ]
[ finished ] [ target/docker-syncd-brcm-dnx.gz ]
make[1]: *** [Makefile.work:608: target/sonic-broadcom.bin] Error 2
make[1]: Leaving directory '/data/work/1/s'
make: *** [Makefile:41: target/sonic-broadcom.bin] Error 2
And why it slipped the PR test? PR test doesn't compile with slim option, it won't check sonic_asic_platform != "broadcom" for PR build.
Work item tracking
Microsoft ADO (number only):
How I did it
Export sonic_asic_platform for docker build in slave.mk
How to verify it
build with slim image option.
#### Why I did it
src/sonic-swss-common
```
* 3c3ae57 - (HEAD -> master, origin/master, origin/HEAD) Provide build flag to Disable compilation of libyang dependent interfaces (#853) (5 hours ago) [Vivek]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-common
```
* 538ec67 - (HEAD -> master, origin/master, origin/HEAD) Tx/Rx power values should be rounded up to 3 decimal places (#432) (6 hours ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- The ubuntu 2004 is needed by 202311
- Because the artifacts of ubuntu2004 are used by other repos, a daily building is needed without an updating of this repo for a long time.
Signed-off-by: Ze Gan <ganze718@gmail.com>
#### Why I did it
src/sonic-swss-common
```
* 253ceb6 - (HEAD -> master, origin/master, origin/HEAD) Fix race condition in ZmqServer. (#850) (23 hours ago) [mint570]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- Why I did it
Update SDK/FW version to 4.6.2202/2012.2202
Fixed issues:
1. On Spectrum-3 systems, ports' toggling while sending traffic on 400G speed ports, might result in stuck FW.
2. In Spectrum-1 switch systems, 50G SR2 speed mode is not supported when AutoNeg is enabled. In this case although the max interface speed is 50G for SR2 or SR4 or SR, the actual max interface speed negotiated between the loopback is 25G.
3. On Spectrum-2 and Spectrum-3, Switch create in fastboot might take more than 40 seconds in case there are no active links.
4. When performing warmboot from version prior to 202205 to 202205 and above , no aging and mac move take place
- How I did it
Updating make files.
-How to verify it
Running regression
#### Why I did it
src/sonic-platform-pde
```
* f2cc748 - (HEAD -> master, origin/master, origin/HEAD) Merge pull request #35 from nonodark/local (21 hours ago) [賓少鈺]
* 607e920 - Fix 'Chassis' object has no attribute 'get_num_psu' in test_psu.py (3 weeks ago) [nonodark]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
Fix an error in the log_err call.
this error can be triggered by an invalid static route key. usually the code cannot go here with normal config file. but hit this issue with an invalid key by manual testing with redis-cli directly. the file is scanned by Python lint to prevent such errors.
Work item tracking
Microsoft ADO ():26250268
How I did it
fix the format error.
How to verify it
1, ran pylint to check the design, make sure no such error in the design file.
2, wrote a separate python program to verify the log call.
In the current logging related testing, usually use patch/mock for logging. for this specific error, could not trigger it if we call mock function instead the real function in the design. so need to do lint checking for code change.
### Why I did it
Disable eventd at buildtime for slim images
##### Work item tracking
- Microsoft ADO **(number only)**:26386286
#### How I did it
Add flags for disabling eventd and only copy rsyslog conf files when eventd is included and not slim image
#### How to verify it
Manual testing
Why I did it
Fix the build issue caused by the wrong version specified.
See the build error logs:
Try 4: /usr/bin/wget --retry-connrefused failed to get: -O
--2024-01-26 11:38:23-- https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.10/amd64/libk5crypto3_1.18.3-6+deb11u14+fips_amd64.deb
Resolving sonicstorage.blob.core.windows.net (sonicstorage.blob.core.windows.net)... 20.60.59.131
Connecting to sonicstorage.blob.core.windows.net (sonicstorage.blob.core.windows.net)|20.60.59.131|:443... connected.
HTTP request sent, awaiting response... 404 The specified blob does not exist.
2024-01-26 11:38:23 ERROR 404: The specified blob does not exist..
Try 5: /usr/bin/wget --retry-connrefused failed to get: -O
make[1]: *** [Makefile:12: /sonic/target/debs/bullseye/symcrypt-openssl_0.10_amd64.deb] Error 8
make[1]: Leaving directory '/sonic/src/sonic-fips'
Work item tracking
Microsoft ADO (number only): 26577929
The package not installed but PR passed issue is traced in another issue #17927
How I did it
Add the libkrb5-dev and the depended packages to fix docker-sonic-vs build failure.
The package libzmq3-dev has dependency on the libkrb5-dev.
#### Why I did it
src/sonic-sairedis
```
* 5b2a517 - (HEAD -> master, origin/master, origin/HEAD) Revert "add if statement for module control mode support" (#1341) (22 hours ago) [dbarashinvd]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-utilities
```
* 3d45c0c6 - (HEAD -> master, origin/master, origin/HEAD) Migrate GNMI table (#3053) (9 hours ago) [ganglv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
ICM reported due to "BGPMon Process exited" which was caused by json load exception.
Work item tracking
Microsoft ADO (number only):
25916773
How I did it
Add an exception handle during json load.
How to verify it
Verified locally, add debug log to modify the output string of cmd to make it not with json formation, then check the syslog.
Why I did it
Align the keywords to make qos configuration take effect
Work item tracking
Microsoft ADO (number only):
How I did it
Change the keyword to ComputeAI
How to verify it
reload minigraph and check the qos configuration
- Why I did it
Based on some research some products might experience an occasional IO failures in the communication between CPU and SSD because of NCQ.
There seems to be a problem between some kernel versions and some SATA controllers.
Syslog error message examples:
Error "ata1: SError: { UnrecovData Handshk }" - "failed command: WRITE FPDMA QUEUED".
Error "ata1: SError: { RecovComm HostInt PHYRdyChg CommWake 10B8B DevExch }" - "failed command: READ FPDMA QUEUED".
Some vendors already disabled NCQ on their platforms in SONiC due to similar issue:
[Arista] Disable ATA NCQ for a few products #13739 [Arista] Disable ATA NCQ for a few products
[Arista] Disable SSD NCQ on DCS-7050CX3-32S #13964 [Arista] Disable SSD NCQ on DCS-7050CX3-32S
Also there are other discussions on Debian/Ubuntu forums about similar issues and it was suggested to disable NCQ:
https://askubuntu.com/questions/133946/are-these-sata-errors-dangerous
- How I did it
Add a kernel parameter to tell libata to disable NCQ
- How to verify it
Use FIO tool - fio --direct=1 --rw=randrw --bs=64k --ioengine=libaio --iodepth=64 --runtime=120 --numjobs=4
#### Why I did it
src/sonic-swss-common
```
* 41ee154 - (HEAD -> master, origin/master, origin/HEAD) [dbconnect]: Support DPU database schema (#845) (12 hours ago) [Ze Gan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-utilities
```
* 96e42cc6 - (HEAD -> master, origin/master, origin/HEAD) Additional check to skip FRR-Offloaded check if the bgp route-src was not selected as best (#3130) (11 hours ago) [Deepak Singhal]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-mgmt-common
```
* 9905269 - (HEAD -> master, origin/master, origin/HEAD) Added support for singleton containers and a sibling list in a single SONIC table (3 days ago) [Mohammed Faraaz]
```
#### How I did it
#### How to verify it
#### Description for the changelog
### Why I did it
Fix the krb5 vulnerable issue
CVE-2021-36222 allows remote attackers to cause a NULL pointer dereference and daemon crash
CVE-2021-37750 NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field
DSA 5286-1 remote code execution
##### Work item tracking
- Microsoft ADO **(number only)**: 26577929
#### How I did it
Upgrade the krb5 version to 1.18.3-6+deb11u14+fips.
### Why I did it
- Modified "sonic-port.yang" for adding support in Port Yang model for the "mode" attribute for adding port modes
- Modified "sonic-portchannel.yang" for adding support in Port Channel Yang model for the "mode" attribute for adding port modes
- Updated tests for these modifications
#### How to verify it
- Added support to align SONiC yang with Config_db
### Why I did it
HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364)
### How I did it
Reduce linux capabilities in privileged flag
#### How to verify it
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
```
admin@vlab-01:~$ docker inspect nat | grep Privi
"Privileged": false,
admin@vlab-01:~$ docker exec -it nat bash
root@vlab-01:/# capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
```
